Analysis
-
max time kernel
102s -
max time network
104s -
platform
windows10-2004_x64 -
resource
win10v2004-20240709-en -
resource tags
-
submitted
12/07/2024, 13:32
General
-
Target
https://api.spently.com/api/spently/click?id=1054fya133&store=hotelcollection&type=OI&cid=6272440696998&url=api.spently.com/api/spently/click?id=105133%26store=hotelcollection%26type=OI%26cid=6272440696998%26url=petradarclub.com.br/dayo/opssx/captcha/bWljaGVsbGVAY3JlZGV4c3lzdGVtcy5jb20=$%E3%80%82
Malware Config
Signatures
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Suspicious behavior: EnumeratesProcesses 6 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
-
Suspicious use of FindShellTrayWindow 25 IoCs
-
Suspicious use of SendNotifyMessage 24 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://api.spently.com/api/spently/click?id=1054fya133&store=hotelcollection&type=OI&cid=6272440696998&url=api.spently.com/api/spently/click?id=105133%26store=hotelcollection%26type=OI%26cid=6272440696998%26url=petradarclub.com.br/dayo/opssx/captcha/bWljaGVsbGVAY3JlZGV4c3lzdGVtcy5jb20=$%E3%80%821⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8f5e546f8,0x7ff8f5e54708,0x7ff8f5e547182⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,18079791656542251260,8358856280278567642,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:22⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,18079791656542251260,8358856280278567642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,18079791656542251260,8358856280278567642,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2816 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18079791656542251260,8358856280278567642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18079791656542251260,8358856280278567642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18079791656542251260,8358856280278567642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18079791656542251260,8358856280278567642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,18079791656542251260,8358856280278567642,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3324 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,18079791656542251260,8358856280278567642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,18079791656542251260,8358856280278567642,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4744 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18079791656542251260,8358856280278567642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,18079791656542251260,8358856280278567642,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6124 /prefetch:82⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18079791656542251260,8358856280278567642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18079791656542251260,8358856280278567642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18079791656542251260,8358856280278567642,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:12⤵
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,18079791656542251260,8358856280278567642,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6028 /prefetch:12⤵
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4bc 0x3041⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
152B
MD5d406f3135e11b0a0829109c1090a41dc
SHA1810f00e803c17274f9af074fc6c47849ad6e873e
SHA25691f57909a10174b06c862089a9c1f3b3aeafea74a70ee1942ce11bb80d9eace4
SHA5122b9f0f94b1e8a1b62ab38af8df2add0ec9e4c6dfa94d9c84cc24fe86d2d57d4fc0d9ec8a9775cf42a859ddfd130260128185a0e2588992bca8fd4ebf5ee6d409
-
Filesize
152B
MD57f37f119665df6beaa925337bbff0e84
SHA1c2601d11f8aa77e12ab3508479cbf20c27cbd865
SHA2561073dbff3ec315ac85361c35c8ba791cc4198149b097c7b287dda1d791925027
SHA5128e180e41dd27c51e81788564b19b8ff411028890da506fbf767d394b1e73ec53e046c8d07235b2ec7c1c593c976bbf74ed9b7d442d68b526a0a77a9b5b0ab817
-
Filesize
240B
MD581d55932f6a6d733542bfd8ef2b28b48
SHA1925206a58de179ada479c88c7d513896ae92d1be
SHA256f4074a6aada452d7932330e034660085e681decf28b863b110ccfe1654da3204
SHA512637a7b7d40376fff0da79f84c7eec4d836919cf61c7ab76bdda8f0c67f1220ae8092f4e6afd55d94d54e6718a3b489b4296ed804f6b9d034465beff14de7b957
-
Filesize
426B
MD527e0034377c9a0ee15aa4273edde5520
SHA165112d0160f21ed6829e3538e0db0771d55a2917
SHA256ddeb519d5a03d741c7999a2639b63b086fc4a465067c97857083dc653b8433a3
SHA512b7d053a754838e709d6e2cb21cf1a4cf25e4a5fca14b630465b92be87c8b259bf7926a47bb4927361db05eb1ed8cde53ee9e759bd67e866ba14dc6373950d903
-
Filesize
6KB
MD5e0f87ca96733face1c036b0d09e4f4c6
SHA1aecb6e7e5fbbfd5214c43eaf09826bb67d83f697
SHA2569d0234028ba2f9235ea9fcf6654da07187b2ff2cf00f7031586d1d7dd837e368
SHA512e4f535c1a684d3c2bf143c3f615b41a2ca5e26f114d12b635dcf9ef61fed8d4dcfaf704b2f003de0ce4f2974f9beeca2d7ad440c74fee1e9c3fedfc40b50121f
-
Filesize
7KB
MD518677bc91c3f0cdffdce9f593e8cee09
SHA1dc887baa4b290e3a7c3656bc43dd6d9aa215875a
SHA256f50bd872c42324103db3e41cf5bc6399356944268503fcee5ac8cc02ea8875df
SHA512465555fe52d4123b1710f7ac0edcf6e7bcba93b176494633652e36eb2b057218b512e86b58d391022c060b9623a40ec2b5081b9d2c28d6a983aeb421a0c0157d
-
Filesize
6KB
MD537988c32eb29a43f21e9cfd23c83da12
SHA1c254fd5b0315f061ffe7e17ee6babb4a06377c97
SHA256e65cd7ed0e0cf46d236b9266b46a53d77cbcb1745d138180b0aca0337ab7d830
SHA512a4eddf32c1ff14e66eef1f169b619a165c8633e70ad8bdca4a852904009f1f2a7a1ee2fe59e64dbee679df638259f94432986e60a77b34d26f6a64cdb7f49109
-
Filesize
704B
MD55bfc661daab767c2bfee91bf6f2e0b66
SHA15feba33dbb3559d5189f3f431770ffba52322027
SHA256096922e0002e3f43b74e2c9309a482a9deb967d607ee325a2cdfa7482a01f558
SHA51215aba03ad3a348799b2dcf7c7648b4a073345051d21b051bf604d1ab6cdc11aaaa9ebc886c86d988a2ba1a243753185e784f8af4c5388c8670221d54ab3b3a4f
-
Filesize
537B
MD5511f8a6c1fc5775e74f897d4f89d7a9d
SHA1ab1671f73b4ee7912f0e8bc42f1a6bb2c6d18798
SHA2564de6c5a2e98c06d1cce1de3fac37fd41fb28ac3a7c16f73f1350d2488c205e91
SHA512301445eb3b7e1f67d20de8cceec262b3c3e6937074f1f84c161500ae670c29bd6ad46cabb9f26003e478aa02cf0664d083aa3512cf4972f2d3b956a83f76e849
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD518665a2c8117f2a45f2555ac8da44c3a
SHA191f710f8d46aff26c92a576327100a5b9f145bcd
SHA25652fb03f32406de80b4aea565c6d1083ae9c7500aa5448aa42a4841c626b1ed78
SHA51276a00f9e2238a3484e130a606dd573d756b2648051b1044f79ed8f898a7d841f498971153c0e3bbd9f801cbb12cc885fc78262ac94d5878d40e26308359d49da